04 October 2010

I was seeing a youngster on a recent Sunday morning, an aspiring linebacker, playing the local Pop Warner football league who had injured his right fourth finger in a tackle gone awry. It was kind of an ugly fracture -- angulated, rotated, and involving the growth plate. (Salter-Harris II, for those keeping score at home.) Looking at it, and knowing that it was the young fellow's dominant hand, I was a little apprehensive about reducing it myself. It's not too complex to reduce a finger, but you really want it done right, and you hate to subject the kid to multiple attempts. Since we have a hand surgeon on call, I decided to give her a buzz and get her take on the injury and whether she wanted to do it herself.

When she called back, I could hear that she was breathing hard. I explained the situation and asked if she was in a place where she could review the films. Almost all of our orthopods have the ability to look at x-rays from home, but she explained that she was at the gym in the middle of a work-out, so there was no luck there. I tried to describe the images, but either I wasn't being clear or she just wasn't able to visualize what I was describing. Finally, an inspiration born of frustration hit me and I asked her what sort of phone she used. "iPhone," she replied, and I quickly got her number and told her to stand by. Hanging up, I blew up the images as big as I could on the monitor and took photos of the screen with my iPhone and sent it to her via MMS:

No, they're not really diagnostic-quality, but they are more than good enough for the surgeon to assess. She assured me that there was no reason I should not reduce it myself, and talked me through how she would approach the reduction. I did, and it went fine:

And yes, I sent her the post reduction images too, with an editorial comment about how awesome I am...

While I was in Vegas I was relating this story to a friend of mine who is a corporate compliance officer (cause compliance guys are never-ending party types), and she was just horrified. "You sent patient information out over an unencrypted network?!?" In her eyes, this is only a slightly less grievous sin than pederasty. But I showed her the images, still on my phone, and pointed out that (unintentionally) I had framed the images so there was no identifying information visible. No PHI, no HIPAA violation! That made it OK, she agreed.

This may be something of the way of the future, as smartphones with high-resolution screens become more ubiquitous among physicians. It's a clumsy hack, to be sure, in that there is inevitable image degradation in taking a photo of a video monitor. Next time I may take a moment to save as JPG, crop and email the x-ray at higher resolution, but it was so quick to snap the pic and hit "send." It's all the more frustrating because this sort of thing is just begging for a technological solution that already exists -- OsiriX. But of course, this is dependent on people downloading specialized software and going to great effort to configure it. With most hospital networks locked down as tight as a rat's anal sphincter, I'm reasonably sure that they won't allow sending images outside their controlled domain. So for the foreseeable future, it'll be quasi-legal work-arounds, so long as our IT departments are ruled by Mordac, Preventer of Information Services.

How is it a potential privacy violation to send data files over THE SAME NETWORK that we've been using for years for consults? When I talk to my consultants on their cellphones I (of course) routinely tell them multiple patient identifiers and significant medical history; we can't do our jobs otherwise. The fact that you sent a data file instead of voice shouldn't change anything.

Love it. This is such a winning situation, America should take advantage of our technology we've grown accustomed to enjoying. Imagine the time and dollars all parties would save if we just used the technology that is in the palm of our hands to get the health care we desire.

Actually, it is possible that even de-identified x-rays are protected by HIPAA (bad news to all you bloggers out there).

Basically, an x-ray (especially one with unusal findings, such as a rectal foreign body) can be used to identify a person, and in at least some circumstances can be protected health information (PHI)as defined by the HIPAA privacy rule.

The transmission of PHI through unencrypted electronic media is almost certainly a violation of the HIPAA security rule.

I think that's a pretty conservative view of the regs, and one which most compliance folks would not endorse (never mind that there's still never been an actual prosecution for HIPAA violations!). It's a very very theoretical risk, IMHO.

Shadowfax

About me: I am an ER physician and administrator living in the Pacific Northwest. I live with my wife and four kids. Various other interests include Shorin-ryu karate, general aviation, Irish music, Apple computers, and progressive politics. My kids do their best to ensure that I have little time to pursue these hobbies.

Disclaimer

This blog is for general discussion, education, entertainment and amusement. Nothing written here constitutes medical advice nor are any hypothetical cases discussed intended to be construed as medical advice. Please do not contact me with specific medical questions or concerns. All clinical cases on this blog are presented for educational or general interest purposes and every attempt has been made to ensure that patient confidentiality and HIPAA are respected. All cases are fictionalized, either in part or in whole, depending on how much I needed to embellish to make it a good story to protect patient privacy.

All Content is Copyright of the author, and reproduction is prohibited without permission.